BIND is not Unbound.
Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server) - General questions / discussion thread 2
- Thread starter JaimeZX
- Start date
SomeWhereOverTheRainBow
Part of the Furniture
This specifically relates to out dated bind servers. Unbound is kept pretty well up to date as it relates to security concerns.
Mathieu
Regular Contributor
Hello
Anyone knows cases where Unbound might take precedence over VPN client DNS rules (set to Strict/Exclusive)?
That is, would the Open VPN DNS rules still be enforced for relevant clients where Unbound is the default DNS resolver?
Is that were the case, should specific rules be specified by way of user script? Any lead?
Thanks.
Anyone knows cases where Unbound might take precedence over VPN client DNS rules (set to Strict/Exclusive)?
That is, would the Open VPN DNS rules still be enforced for relevant clients where Unbound is the default DNS resolver?
Is that were the case, should specific rules be specified by way of user script? Any lead?
Thanks.
In my configuration, I set accept DNS configuration to disabled in VPN client. In this setup, VPN client still use unbound which is what I wanted. I have tried other strict and exclusive before but I couldn't remember exactly what's the behavior. Did you get your desired DNS resolver to work? I can test it out for you on my device.
Edit: I just did a quick test. With strict, my pc still resolve with unbound. With exclusive, my pc resolve using VPN DNS. All these is done with DNS filter set to router.
Last edited:
Mathieu
Regular Contributor
Thank you
My intentions are probably different from yours, as I would like all clients to resolve through Unbound, save for those devices specifically routed through the tunnel.
I found with a prior setup that using VPN / Relaxed DNS config would result in TLS handshake errors. I assume that was because of 'inconsistency' between the VPN-assigned IP address and the Unbound DNS.
I will try the setup per your Edit and see if Unbound and VPN DNS can coexist peacefully.
Cheers
DocUmibozu
Regular Contributor
Any news about this?
www.snbforums.com
It seems that haveged is deprecated....
Jitterentropy-Rngd high CPU use
Recently updated my RT-AC88U to 386.2.4 . Since, I have seen very high CPU usage from the jitterentropy-rngd daemon, somtimes as high as 80% getting close to maxing out both cores. On a positive note this is not consistent. It waxes and wanes with usage increases when WAN throughput is higher...
www.snbforums.com
It seems that haveged is deprecated....
SomeWhereOverTheRainBow
Part of the Furniture
That is assuming that haveged is the cause of the issue with Jitterentropy-rngd. that user just stated they had jitterentropy-rngd causing high cpu spikes. nothing actually showing haveged causing the problem.Any news about this?
Jitterentropy-Rngd high CPU use
Recently updated my RT-AC88U to 386.2.4 . Since, I have seen very high CPU usage from the jitterentropy-rngd daemon, somtimes as high as 80% getting close to maxing out both cores. On a positive note this is not consistent. It waxes and wanes with usage increases when WAN throughput is higher...
It seems that haveged is deprecated....
DocUmibozu
Regular Contributor
Sorry but you totally missed the point.
In the thread Merlin said to inform scripts developers to remove haveged from the scripts, because jitterentropy does the same thing.
See post #9 in the thread I mentioned...
Last edited:
DocUmibozu
Regular Contributor
Anyway I disabled haveged in init.d and unbound seems to work without problems...
SomeWhereOverTheRainBow
Part of the Furniture
I get what you are saying , but I would leave it until it is determined there is not some underlying issue with jitterentropy-rngd. As you can see from that OP , the issue was still open as to why that user had cpu spikes. It brings in to question the full effectiveness of jitterentropy-rngd on some model routers.
New2This
Senior Member
I have my unbound traffic running through my VPN
I did an auto-Reboot at 3am this morning, but when I looked at the Unbound stats, it had not restarted at that time. I did a Refresh stats from the GUI and that got the stats going again. I did not think to check from AMTM if Unbound was running.
Update: I just checked amtm, and Unbound says its been running for 6+ hrs, which corresponds to the reboot, so only the stats did not start.
Update: I just checked amtm, and Unbound says its been running for 6+ hrs, which corresponds to the reboot, so only the stats did not start.
Last edited:
heysoundude
Part of the Furniture
I'm having fairly regular power fluctuations in my area of late (as the grid learns to compensate for Air conditioners, I presume) and anytime it does, I lose the GUI for the addons I run. this is a problem since updating to v386 for me - If someone can point me in the direction of resolving this (other than a factory reset), I'd be very appreciative.
SomeWhereOverTheRainBow
Part of the Furniture
Scheduled reboots during times you are not actively online may help alittle.
Hi started playing around with ubound on my hot-spare router using 386.2_4. I did the AMTM install, diversion to get entware, then disabled diversion. Then I installed unbound by defaults. I did some prelim testing and no vids on YT would run. I removed ubound, rebooted the router and YT vids played fine. Any thoughts? Thanks.
I used to add some delay in post-mount script before unbound but not anymore. Not sure if this will help.
Unbound - unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server) - General questions / discussion thread 2
Did unbound just had an update? I installed today and get version v3.22b6. It is pretty much just install and go, no more easy / advance mode to choose? I remember the last time I install couple of weeks ago there are so many options to choose and I was lost. I like this one better, install and...
www.snbforums.com
I thought I would post this here hoping for an answer.
I'm running unbound in addition to dnsmasq in Merlin 384_19. For this config, are the dnsmasq vulnerabilities in 384 an issue? I thought that for a dns query, dnsmasq resolves from its cache, but if not there, it goes to unbound, and that dnsmasq does not go out to the big, bad, internet itself. If that is right, then it's unbound's job to protect against the baddies not dnsmasq. Have I got that right? I'm using the default config files for unbound and dnsmasq.
I'm running unbound in addition to dnsmasq in Merlin 384_19. For this config, are the dnsmasq vulnerabilities in 384 an issue? I thought that for a dns query, dnsmasq resolves from its cache, but if not there, it goes to unbound, and that dnsmasq does not go out to the big, bad, internet itself. If that is right, then it's unbound's job to protect against the baddies not dnsmasq. Have I got that right? I'm using the default config files for unbound and dnsmasq.
I have a question. On my router I am using practically all the addons present in AMTM. You use them all except x3mRouting, unbound, dnscrypt and pixelserv. I always use the VPN 24h and all my traffic goes through the VPN. In the past I had tried Unbound but it gave me DNS leak problems which could then be solved by passing all DNS requests in the VPN tunnel, I have scripts that I found here on the forum that solve the problem. The questions are these:
1) Should I also install Unbound even though I already have Diversion on board?
2) I am using the VPN_Failover script which restarts the VPN if the VPN tunnel fails. If I used Unbound with DNS requests routed in the VPN tunnel, in case VPN_Failover needs to restart the VPN, then would I have the DNS exposed or would everything be ok as before?
I ask these questions because if I install Unbound then it is not so easy to remove it from the router, the last time I had to do a factory reset
1) Should I also install Unbound even though I already have Diversion on board?
2) I am using the VPN_Failover script which restarts the VPN if the VPN tunnel fails. If I used Unbound with DNS requests routed in the VPN tunnel, in case VPN_Failover needs to restart the VPN, then would I have the DNS exposed or would everything be ok as before?
I ask these questions because if I install Unbound then it is not so easy to remove it from the router, the last time I had to do a factory reset
Following the updated versions of unbound added to entware
unbound-anchor - 1.13.1-2
unbound-checkconf - 1.13.1-2
unbound-control - 1.13.1-2
unbound-daemon - 1.13.1-2
the unbound script is to longer completing
unbound-anchor - 1.13.1-2
unbound-checkconf - 1.13.1-2
unbound-control - 1.13.1-2
unbound-daemon - 1.13.1-2
the unbound script is to longer completing
Code:
[1626008669] unbound-control[29323:0] error: connect: Connection refused for 127.0.0.1 port 953
'key-cache-size:' (N/A)
[1626008669] unbound-control[29329:0] error: connect: Connection refused for 127.0.0.1 port 953
[1626008669] unbound-control[29331:0] error: connect: Connection refused for 127.0.0.1 port 953
'msg-cache-size:' (N/A) 0% used (N/A)
[1626008669] unbound-control[29346:0] error: connect: Connection refused for 127.0.0.1 port 953
[1626008669] unbound-control[29348:0] error: connect: Connection refused for 127.0.0.1 port 953
'rrset-cache-size:' (N/A) 0% used (N/A)
netware5
Very Senior Member
Seems to be we have again problems with Unbound after Entware upgrade. I will wait until the update of Unbound is available via amtm script.
Similar threads
Similar threads
Similar threads
-
Unbound Force all DNS requests through Unbound using iptables?- Started by muffintastic
- Replies: 14
-
-
-
-
-
-
Is it possible to use nord dns with unbound or any way to add it?- Started by Jack-Sparr0w
- Replies: 9
-
-
Unbound Use unbound/router as default DNS server
- Started by BeachGuy
- Replies: 2
-
Latest threads
-
Ubuntu Linux impacted by decade-old 'needrestart' flaw that gives root- Started by PR3MIUM
- Replies: 0
-
-
-
-
Upgrading from wifi 5 to wifi 6 and looking for suggestions
- Started by Listedguru2
- Replies: 2
Support SNBForums w/ Amazon
If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!
Sign Up For SNBForums Daily Digest
Get an update of what's new every day delivered to your mailbox. Sign up here!